Splunk Search

Discussions

Thread Info

How to write a search to get a list of all the source files that were indexed today?

Hi Team, I have a forwarder installed and configured to forward logs that it is receiving daily. The timestamp in ...

by Motivator in

Splunk _time is not working with Inner join

We have an inner join on two indexes. When we are querying with time controller its not showing data properly with To...

by New Member in

How do get the combined search result?

I want to get the combined result of two events. E.g The first event have reference ID, Name & IP and the second even...

by Explorer in

How to run Splunk searches in a custom REST endpoint?

I have implemented a custom rest end point and it's working. Now I have another requirement to run Splunk searches in...

by Communicator in

After deploying a new app to our search head cluster, why am I getting search error "Search process did not exit cleanly, exit_code=255"?

Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for...

by Communicator in

unable to process binary log file

i have splunkforwarder running but once a while we run into issue with the following error about file being binary - ...

by New Member in

Why am I unable to match two fields from two sourcetypes using mode=sed with rex?

I have two sourcetypes that have URL fields. I am attempting to remove the . so that both fields are just letters and...

by New Member in

Splunk Api query returns inconsistent results

Hello, I am getting inconsistent results from splunk for below queries. query1: search index=index01 AND statu...

by Explorer in

How to edit my current search to convert table data into a timechart or chart?

Hello - I am currently looking to create a timechart or chart (line or bar graph) to display table data I have cre...

by Contributor in

Difference of fields with the same name in a transaction

Given data of the form: [OPEN PLAN START] Guid=358846c0a0e9, AvailRAM=4555 ... [OPEN PLAN END] Guid=358846c0a0e9, Ava...

by Contributor in

How can I use the output from a previous search to use as a time range on my next search?

I have a filter that extracts the date and time just like below. index=_server _raw="*completed*" | head 1 | eval ...

by Explorer in

How to use eval with the asterisk wildcard character as the default value for my token?

I am trying to format a token in my form and then apply the token value to my search. This works just fine when I use...

by Explorer in

How to sum a field and group by another - but remove first entry per group?

I have a search that sorts events by a field (SYMBOL) . My issue is that I want to sum the duration between events by...

by New Member in

How to write my token for a drop-down list search on my dashboard?

Hi all, I wanted to know if someone can help me figure out how to write my token for the following drop-down list...

by Path Finder in

How to count the number of recipients getting an email from a specific domain.

I have my search currently showing a count of one email to each user when I send a test email. I want to be able to t...

by Explorer in

Lost SDEE connection to Cisco IPS after upgrading from 6.2 to 6.3.

The SDEE Troubleshooting search shows a successful connection to the IPS but errors on an unexpected keyword argument...

by Explorer in

What are OTHER and VALUE data generated by doing a geostats count by Region on Splunk maps?

I'm doing a geostats count by Region (after doing an iplocation on my customer's ip): 1) if data is put into "OTHER",...

by Path Finder in

Usinig Windows Storage Server 2012 as the Event collector and Splunk forwarder.

Hi all, Is it available using Windows Storage Server 2012 as the Event collector and Splunk forwarder which gather...

by New Member in

How do I extract these fields from Avaya CDR logs that are currently missing from search results?

Hello, We have avaya phones in our environment and logs are being populated to Splunk. We need to get some basic r...

by Engager in

How to create a search to find user ID's that are fraudulently using rewards for a retail business based on multiple uses of the same reward?

Hi Business - Retailer Requirement - I need to know how to create a search for rewards announcements in a retail b...

by New Member in

Regex help

Hello, Would anyone know the regex value for the final numeric value after the last comma in the following log en...

by Communicator in

Divide a severity count by host count in a timechart

Hi folks, I guess what I am trying to do is create a timechart based on a scan events severity rating(low, med, hi...

by Communicator in

If I have a process id that fails to log in to Splunk, how can I find out what the failure was?

I ran this search: index=_audit action=failure | stats count by _time,user,action which returned a desired res...

by Communicator in

How to define a data filter in order to apply different fields extractions for 2 different events from the same source?

Hello, I am new to Splunk Enterprise Here is my problem: I have a data source in the form of text files which ...

by New Member in

Why am I unable to extract fields from multiline events with my current props.conf configuration?

Hi All, I am trying to extract fields from multiline events which were injected from our server to Splunk. We h...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a search to get a list of all the source files that were indexed today?

Splunk _time is not working with Inner join

How do get the combined search result?

How to run Splunk searches in a custom REST endpoint?

After deploying a new app to our search head cluster, why am I getting search error "Search process did not exit cleanly, exit_code=255"?

unable to process binary log file

Why am I unable to match two fields from two sourcetypes using mode=sed with rex?

Splunk Api query returns inconsistent results

How to edit my current search to convert table data into a timechart or chart?

Difference of fields with the same name in a transaction

How can I use the output from a previous search to use as a time range on my next search?

How to use eval with the asterisk wildcard character as the default value for my token?

How to sum a field and group by another - but remove first entry per group?

How to write my token for a drop-down list search on my dashboard?

How to count the number of recipients getting an email from a specific domain.

Lost SDEE connection to Cisco IPS after upgrading from 6.2 to 6.3.

What are OTHER and VALUE data generated by doing a geostats count by Region on Splunk maps?

Usinig Windows Storage Server 2012 as the Event collector and Splunk forwarder.

How do I extract these fields from Avaya CDR logs that are currently missing from search results?

How to create a search to find user ID's that are fraudulently using rewards for a retail business based on multiple uses of the same reward?

Regex help

Divide a severity count by host count in a timechart

If I have a process id that fails to log in to Splunk, how can I find out what the failure was?

How to define a data filter in order to apply different fields extractions for 2 different events from the same source?

Why am I unable to extract fields from multiline events with my current props.conf configuration?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions